Here, at 1, we create the middleware given to use by the Authentication package when our User class conforms to TokenAuthenticatable.

At 2, we create a group of routes using this middleware. All routes created with this middleware will require a valid token be sent in the authorization header.

At 3, we call request.requireAuthenticated, and this method returns to us a User object (not a future). For that reason, in the route handler we do not have to return a Future

At 4, we retrieve the user's auth tokens, and grab the first one. The result of the call user.authTokens.query(on: request) is a query builder, so we could also do some custom filtering as well if needed. For simplicity though, here we will just assume the getting the first one is good. In a real world application, you may want to filter by date, or maybe you have an isExpired property on your tokens to query against.

And finally at 5, we return an instance of PublicUser, passing the auth token and username back to the client.

Now, use a REST client, such as Postman, to make a POST request to http://localhost:8080/createUser, with parameters like: